89c7c8a795578ef239fef68fe949c29f50f7f40833f6eb87eabf66cae290eab6 | Triage

Sharing

General

Target

pandabanker_2.5.3.vir
Size

318KB
Sample

200719-b4enqzewq2
MD5

40033eb1ba8ab746a2024afba585ccf6
SHA1

0057350dc6cef9f8f7f94188d8120dc91974f7cf
SHA256

89c7c8a795578ef239fef68fe949c29f50f7f40833f6eb87eabf66cae290eab6
SHA512

ed354ba15a2e293d9fc2e38d8ad41c1412737bde03951d1574d8c2025f71ca0f82198bfe13ecef9de261c90a2887642819e9e33b8c9b2faab8b06f4fb8a8c830

Score

8^/10

evasion spyware

Malware Config

Targets

- Target
  
  pandabanker_2.5.3.vir
- Size
  
  318KB
- MD5
  
  40033eb1ba8ab746a2024afba585ccf6
- SHA1
  
  0057350dc6cef9f8f7f94188d8120dc91974f7cf
- SHA256
  
  89c7c8a795578ef239fef68fe949c29f50f7f40833f6eb87eabf66cae290eab6
- SHA512
  
  ed354ba15a2e293d9fc2e38d8ad41c1412737bde03951d1574d8c2025f71ca0f82198bfe13ecef9de261c90a2887642819e9e33b8c9b2faab8b06f4fb8a8c830
Score

8^/10

evasion spyware
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2